[Previous entry: "A nice fix for the "Overwrite any file via desname in Oracle Reports" bug"] [Next entry: "Oracle Proxy Users"]
Some testing of orabf (Oracle password cracker) speed by Marcel-Jan
September 19th, 2005 by Pete
Post to del.icio.us
Post to Furl
Marcel-Jan has posted an interesting analysis of timings of toolcrypts orabf Oracle password cracker on my Oracle security forum. Marcel-Jan has worked out the order that the brute force passwords are work through and done some timings for finding every password for particular length passwords (up to 8 characters). he has used passwords of ZZZZZZZZ. He used Z's as this ensured that all passwords are worked through first. The 8 character password took 4 days, 9 hours, 12 minutes and 38 seconds. Bear in mind that this are pure ascii passwords and passwords including numbers (digits) or special characters _#& would take much longer. And passwords using the whole keyspace would take even longer.
This means that to ensure that you have harder passwords to crack you need to use digits and special characters or ideally the whole key space for your passwords.
The thread is titled "Toolcrypt's orabf" and the post is at the end.
